The Inner Circle

 View Only
  • 1.  Security is a shared responsibility

    Posted May 02, 2022 07:31:00 AM
    "We are fully on the cloud, hence we are secured"
    This is a very frequent statement that I hear during my day-on-day conversations with tech founders and software developers.
    But if that was the case, why would there be instances of Data Breaches for UnacademyTwitchDomino'sTwitter etc whose majority of the workload is in the cloud?

    The answer to that is the following statement:
    Security and Compliance is a shared responsibility between cloud provider and the customer

    Now the above language isn't something coined by me, it's what all the existing cloud providers around the world speak. But somehow this crucial piece of information during their elaborate marketing and knowledge seminars seems to be missing.

    So what does it exactly mean?

    Let's take an example of a server aka AWS EC2/Google Cloud to compute engine/Azure VM and many other fancy names all mean the same thing :P
    When you spin a new server, at that point ensuring nobody steals the actual hardware sitting somewhere in the data centre, no one steals your data disks and ensuring other facilities that are required to keep running your system are secured by the cloud provider.

    Anything beyond that is the responsibility of the customer. This includes securing your Operating System, server-side encryption, firewalls etc.

    For those who are wondering why did Log4j become such a big issue even for organisations deployed on the cloud, this is precisely the reason. It was and is the responsibility of the customer to identify and fix it.

    Now cloud providers aren't evil or incapable to help you with these security issues, there's a fundamental roadblock for them. Let's continue with the Log4j example. The patch to this vulnerability was to simply upgrade to a higher version. But if AWS upgrades it for you automatically and your application isn't compatible with the new version, the application breaks which could mean a significant financial and reputational loss to the customer.

    And this is why my team have built SecOps Solution, a platform that takes care of the other half of the security of your cloud.

    Ashwani Paliwal
    SecOps Solution

  • 2.  RE: Security is a shared responsibility

    Posted May 02, 2022 09:17:00 AM
    I'm not sure how this adds to the conversation about cloud computing. You've stated some very straightforward facts that are well known about cloud security. Namely, that it's a shared responsibility, and that providers can't patch vulnerabilities for you automatically without potentially breaking your application. If anything, this post seems to be more of a sales pitch for your team's SecOps Solution platform. Which is fine, but it doesn't really add anything to the discussion about cloud security.

    Rowan Sheridan

  • 3.  RE: Security is a shared responsibility

    Posted May 03, 2022 08:39:00 AM
    Actually, I have heard quite the opposite from the enterprise customers and they are hesitant to be on the cloud because of the shared nature of the environment as well as their ability to control aspects of the environment. Agree with Rowan, what you have stated are well known facts about cloud security general.

    Dharmesh Bhakta
    Cloud Systems Architect